IT Examiner School, Providence, RI

SOC Reports

• In conjunction with SSAE 18 standards, additional reports have been established as the framework for examining controls.

• These are known as Service Organization Control (SOC) reports.

SOC 1

• A SOC 1 report is an engagement performed under SSAE 18 in which a service auditor reports on controls at a service organization that may be relevant to user entities’ internal control over financial reporting.

• The scope should cover the information systems that are utilized to deliver the services under review.